Solved

I am working on a Juniper-NS5GT  firewall and I need to port foward 3389 to a client machine

Posted on 2009-05-19
8
653 Views
Last Modified: 2013-11-16
I have a third party app company who is going to need to get into a machine
To make it easier for you guys  here is the IP of the router 192.168.7.1
here is the IP address of the client Machine 192.168.7.56
Please advise on this thank you and I ask for no KB articles just simple answers as I am under the GUN to get this done
0
Comment
Question by:explorer648
  • 6
  • 2
8 Comments
 
LVL 6

Expert Comment

by:drewha1969
ID: 24425484
Try this:

Go to Objects ->Services -> Custom
Create a new service for TCP port 3389

Create a policy from Untrust to Trust
Source Address - Any or if you know the IP of your partner
Destination Address - 192.168.7.56
Service - Custom Service
Action - Permit
Check logging and at session beginning (Optional)

I think that should do it
0
 

Author Comment

by:explorer648
ID: 24425688
Umm tried it and after i did it it does not work?
here is the screen shots



policy-page.bmp
PORT.bmp
0
 
LVL 6

Expert Comment

by:drewha1969
ID: 24425978
My bad, i was wrong on the destination setup.

Create a Address list called VIP TS
Assign your public IP

In Network -> Interfaces
Edit your public interface

Goto VIP properties
Create new VIP service
Assign port 3389 to 192.168.7.56

Now set your destination address in your policy as VIP TS
0
 
LVL 6

Expert Comment

by:drewha1969
ID: 24425997
PS  Setup your VIP TS as a Global address
0
Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

 
LVL 6

Expert Comment

by:drewha1969
ID: 24426866
As a side note, this should work, as we have it done this way to pass port 80 to our webserver, however I am definitely not a security guru and am not sure of all the ramifications of opening up a desktop to the internet on that port.  As far as i know, if the machine has strong passwords, it should be safe, but again, I am no guru.

To clarify and make sure I have given you the correct information, it sounds like you do not have a VPN setup between your 2 networks and you are trying to connect over the internet.  If so, setting up the destination as I have described above should work.
0
 
LVL 6

Expert Comment

by:drewha1969
ID: 24431253
I feel I may have been rushing through the VIP part and left out some details so:

Network -> Interfaces
Edit Public Interface (Usually Ethernet 3)
VIP
If no previous entries, follow the next step, else skip to New VIP Service
Add/Modify VIP entry -> select "Same as the untrusted interface IP address" -> Add

New VIP Service
Virtual IP -> Public IP
Virtual Port -> 3389
Map to Service -> Custom service (TS) 3389
Map to IP -> 192.168.7.56
Check Server Autodetection

0
 
LVL 6

Accepted Solution

by:
drewha1969 earned 500 total points
ID: 24431285
Sorry again, set the netmask as 32 for your global address.
VIP TS = PublicIP/32
0
 

Author Comment

by:explorer648
ID: 24606965
I have not had a chance to try this new solution yet I will try it and see where it takes me
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now